I dreamed a dream 30 years ago and it came true today. When I was a 10th-grade student, I got in touch with the 8086 PC and DOS for the first time. It was the moment that determined my passion and career to be an “IT professional”.
After working for 20+ years in the IT industry, I developed an expertise stack as shown in the above diagram and achieved annual goals to pass a list of planned exams with the purpose of being certified, delivering quality services, and assuring customer confidence.
Today is the historic moment in my life, becoming an experienced and certified IT professional.
After studying for 35 hours within 12 days (from 2018/11/15 to 2018/11/26), I cleared the ISACA CGEIT (Certified in the Governance of Enterprise IT) exam today. Because of distractions, I spent only 35 hours in a period of 12 days.
For experienced managers, MBAs or entrepreneurs, I believe it won’t take you too much time to study these two.
This exam is one of my favorites. Even though it is not as well-known as CISA or CISSP, it really helps. I highly recommend CISSPs sit for this exam if a management position is one of your career choices.
Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise.
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
Enterprise governance is a set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.
Architecture can be defined as a representation of a conceptual framework of components and their relationships at a point in time.
Weill and Ross identify six key assets:
Human, Financial, Physical, IP, Information and IT, and Relationship assets
Define KPIs before implementing the IT balanced scorecard (IT BSC).
The board of directors provides input for business strategy and IT strategy.
The IT strategy committee is responsible for providing guiding principles for a business-aligned IT strategy through the enterprise architecture.
The IT steering committee implements the IT strategy developed by the IT strategy committee using guiding principles.
The IT architecture review board
The CIO is responsible for developing the IT enterprise architecture using guiding principles. (Senior/Executive Management)
Having leaders who inspire new values is the most relevant factor in the enterprise change of an IT governance implementation. The culture of an enterprise is a reflection of leadership consciousness (values, beliefs and behaviors of the leaders and the legacy of the past leaders).
An IT governance framework can exert its greatest influence in resolving cross-departmental conflicts for IT-related issues. When a governance framework is in place, business units are aligned to strategies and resource prioritization is made accordingly.
It’s a lovely afternoon and peaceful moment to enjoy the view looking out through the floor-to-ceiling window from the office.
When the ISSAP score report disclosed “Congratulations!”, my goal of pursuing the planned certifications from ISC2 was achieved. I spent around 4 months in total studying intensively and finally passed the six ISC2 exams: CISSP, CCSP, CSSLP, CISSP-ISSEP, CISSP-ISSMP, and CISSP-ISSAP.
After studying for 40 hours within 8 days (from 2018/11/06 to 2018/11/13), I cleared the ISC2 CISSP-ISSAP (Information Systems Security Architecture Professional) exam today. This exam is one of the 3 CISSP concentrations. I would say the level of difficulty would be ISSAP < ISSMP < ISSEP.
The ISACA CGEIT is the last mile for me to declare success in achieving my annual goal.
The ENISA Threat Landscape is a collection of threats. It contains identified threats, trends observed and threat agents involved. ETL consists of a list with top threats prioritized according to the frequency of appearance and NOT according to the impact caused.
Enterprise Architecture [CNSSI 4009]
The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.
Information Security Architecture
An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic
Enterprise architecture also promotes the concepts of segmentation, redundancy, and elimination of single points of failure—all concepts that can help organizations more effectively manage risk.
The Federal Enterprise Architecture (FEA) defines a collection of interrelated reference models including Performance, Business, Service Component, Data, and Technical as well as more detailed segment and solution architectures that are derived from the enterprise architecture.
Organizational assets (including programs, processes, information, applications, technology, investments, personnel, and facilities) are mapped to the enterprise-level reference models to create a segment-oriented view of organizations.
Segments are elements of organizations describing mission areas, common/shared business services, and organization-wide services. From an investment perspective, segment architecture drives decisions for a business case or group of business cases supporting specific mission areas or common/shared services. The primary stakeholders for segment architecture are mission/business owners.
Following closely from segment architecture, solution architecture defines the information technology assets within organizations used to automate and improve mission/business processes. The scope of solution architecture is typically used to develop and implement all or parts of information systems or business solutions, including information security solutions. The primary stakeholders for solution architectures are information system developers and integrators, information system owners, information system/security engineers, and end users.